1. Field of the Invention
The present invention concerns a method for server-controlled security management of performable services and an arrangement to provide data according to a security management for an electronic system. The invention is particularly suitable for franking machines and for other mail processing apparatuses that implement a service provided by a remote data center in communication with the franking machine.
2. Description of the Prior Art
The franking machine JetMail© that is commercially available from Francotyp-Postalia AG & Co. KG, is equipped with a base and with a removable meter. The latter is operationally connected with a static scale integrated into the base housing and is also used for, among other things, postage calculation. In connection with the service of downloading a postage tariff table, no particular security measures are implemented even though the correctness of the postage calculation is based on the aforementioned table and even though the meter contains a security module equipped with a cryptographic unit. The latter serves only to secure the postage fee data to be printed. Moreover, the meter contains a controller to control the printing and to control peripheral components of the franking machine. The base contains a postal item transport device and an inkjet printing device to print the postage value stamp on the postal item. An exchange of the print head is unnecessary since the ink tank is separate from the print head and can be exchanged. Also, no particular security measures have to be taken for the print head or for protection of the activation and data signals when a security imprint with a marking that provides a verification of the validity of the security imprint (U.S. Pat. No. 6,041,704) is printed with a special piezo-inkjet print head. In addition to the service of the downloading of a postage tariff table and a known service of a tele-postage data center, such as the downloading (U.S. Pat. No. 5,699,415 and European Application 689 170) of a credit from which the franked postage value can be debited before the printout, a further service can also be available in the base tracking. To prevent possible falsification by manipulation of the printing unit, i.e. in particular when the base with the printing unit can be separated from the meter, the postal authority is interested in information about the location of the printing unit when the base is again operated with a meter. Given base tracking, authorization ensues only of a printing unit that can be identified by the data center by an identification code (European Application 1 154 381).
In franking machines commercially available from Francotyp-Postalia AG & Co. KG—for example in Mymail®) and Ultimail® bubblejet print heads are used in the printing module. The ink tank and bubblejet print head are integrated into an exchangeable ink cartridge as is, for example, known from the ½-inch ink cartridge of the firm Hewlett Packard (HP). Contacting of the electrical contacts of the print head of the exchangeable ink cartridge can ensue via a connector of a conventional pen driver board by the firm HP. Both the postal authority and the customer have a heightened interest in a high evaluation security of the marking printed on the postal piece. A further service of the data center therefore can be piracy protection. In addition to the data enabling piracy protection, for example a code of the print head can be queried via the connector and sent to the data center via modem. The data center then effects a code comparison with a reference code stored in a database and transmits a message about the result of the check to the franking machine (European Application 1 103 924).
The security module is involved in a different manner with such services such as when, in the communication, security-relevant data must be exchanged with a remote data center over an unsecured data transmission path with a remote data center. The meter housing or the housing of a franking machine offers a first protection against fraudulent manipulations. An encapsulation of the security module by means of a special housing offers an additional mechanical protection. Such an encapsulated security module corresponds to the current postal requirements and is subsequently also designated as a postal security device (PSD). In some countries, the credit downloading requires security measures that only a PSD can provide. The franking machines offered by Francotyp-Postalia AG & Co. KG are connected in a known manner with a tele-postage data center for telephonic credit downloading and can be expanded with further devices in a franking system.
In addition to the positive remote value specification in the credit downloading cited above, a negative remote value specification given a refund of the remaining residual credit of the customer is known (European Application 717 379 and U.S. Pat. No. 6,587,843).
Moreover, loading of data not serving for credit loading before an initial operation of a franking machine is known from U.S. Pat. No. 5,233,657.
The use and transfer of machine-specific and customer-specific data set from a data center to a franking apparatus is known from European Application 1 037 172. The data set includes at least temporary and local data valid at the franking site that are retrievably stored in the data center associated with a number code in a database. The customer who has acquired a pre-initialized franking apparatus via a sales distribution should therewith be able to completely operate the franking apparatus without customer service or a service technician having to be called and without a visit to the post office. The data stored in the data center are subject to all of the same security measures. Independent of this, in the franking machine the graphic data are stored in a memory of the motherboard of the franking machine without further security measures. The graphic data can pertain to a stamp image, for example the city stamp.
A telephonic communication for the exchange of advertising stereotypes has been proposed in U.S. Pat. No. 4,831,554.
A date-dependent exchange of stamp images (with city stamp and with value stamp), which is loaded by modem at an earlier point in time, is disclosed in U.S. Pat. No. 4,933,849.
According to European Application 780 803, after an initialization it is possible for messages or carrier-specific advertising to be provided by a data center when an instruction for this is present in the data center. For this purpose, the customer must have previously agreed to a contract with the service provider or the operator of the data center.
From European Application 1 067 482, it is known to associate different security levels with the elements of a print image to be printed. These different security levels correspond to the different assignable authorization in order to individually change the elements. For authorization and downloading of the elements to change the print image, chip cards are used that validate the elements according to a special hierarchy.
A different service of a postal carrier exists in connection with a statistical classification of the franked mail according to statistical classes (European Application 892 368). Solutions to store data by the use of an end device are known from European Application 992 947 and European Application 1 001 383, according to which the registrations according to statistical classes (class of mail) are stored until the remote data center accesses them in order to query or to determine the user profile.
Furthermore, it is known that a remote data center can exchange security data via a modem with a franking system that has a postal security device (PSD). Such franking systems of Francotyp-Postalia AG & Co. KG known under the names Jetmail® and Ultimail®.